Asterisk 13.17.2 - Memory Corruption

# Date and time of release: Nov, 15 2017 # Found this and more exploits on my open source security project: http://www.exploitpack.com # # Tested on: Asterisk 13.17.2~dfsg-2 # # Description: Asterisk is prone to a remote unauthenticated memory exhaustion # The vulnerability is due to an error when the vulnerable application handles crafted SCCP packet. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system. # # [Nov 29 15:38:06] ERROR[7763] tcptls.c: TCP/TLS unable to launch helper thread: Cannot allocate memory # # Program: Asterisk is an Open Source PBX and telephony toolkit. It is, in a # sense, middleware between Internet and telephony channels on the bottom, # and Internet and telephony applications at the top. # # Homepage: http://www.asterisk.org/ # Filename: pool/main/a/asterisk/asterisk_13.17.2~dfsg-2_i386.deb # # Example usage: python asteriskSCCP.py 192.168.1.1 2000